The ISO/IEC 38500 Corporate governance of information technology standard, provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.
ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. It is organized into three prime sections, specifically, Scope, Framework and Guidance
The Benefits:
The objectives of the ISO/IEC 38500 are described by itself as:
- Assuring stakeholders that they can have confidence in the organization's corporate governance of IT
- Informing/guiding Directors in governing the use of IT in their organization
- Providing a basis for objective evaluation of the corporate governance of IT
Business Needs and Challenges:
- Business Technology
- Governance and Risk Compliance (GRC)
- Business Continuity
- Global Sourcing
- Cloud Computing
